lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210309085706.2d6bd0f0@collabora.com>
Date:   Tue, 9 Mar 2021 08:57:06 +0100
From:   Boris Brezillon <boris.brezillon@...labora.com>
To:     Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
Cc:     miquel.raynal@...tlin.com, richard@....at, robh+dt@...nel.org,
        linux-arm-msm@...r.kernel.org, devicetree@...r.kernel.org,
        linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
        Daniele.Palmas@...it.com, bjorn.andersson@...aro.org
Subject: Re: [PATCH v4 2/3] dt-bindings: mtd: Add a property to declare
 secure regions in NAND chips

On Mon, 8 Mar 2021 19:01:34 +0530
Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org> wrote:

> On Mon, Mar 08, 2021 at 10:10:59AM +0100, Boris Brezillon wrote:
> > On Mon,  8 Mar 2021 11:14:46 +0530
> > Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org> wrote:
> >   
> > > On a typical end product, a vendor may choose to secure some regions in
> > > the NAND memory which are supposed to stay intact between FW upgrades.
> > > The access to those regions will be blocked by a secure element like
> > > Trustzone. So the normal world software like Linux kernel should not
> > > touch these regions (including reading).
> > > 
> > > So let's add a property for declaring such secure regions so that the
> > > drivers can skip touching them.
> > > 
> > > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
> > > ---
> > >  Documentation/devicetree/bindings/mtd/nand-controller.yaml | 7 +++++++
> > >  1 file changed, 7 insertions(+)
> > > 
> > > diff --git a/Documentation/devicetree/bindings/mtd/nand-controller.yaml b/Documentation/devicetree/bindings/mtd/nand-controller.yaml
> > > index d0e422f4b3e0..15a674bedca3 100644
> > > --- a/Documentation/devicetree/bindings/mtd/nand-controller.yaml
> > > +++ b/Documentation/devicetree/bindings/mtd/nand-controller.yaml
> > > @@ -143,6 +143,13 @@ patternProperties:
> > >            Ready/Busy pins. Active state refers to the NAND ready state and
> > >            should be set to GPIOD_ACTIVE_HIGH unless the signal is inverted.
> > >  
> > > +      secure-regions:
> > > +        $ref: /schemas/types.yaml#/definitions/uint32-matrix
> > > +        description:
> > > +          Regions in the NAND chip which are protected using a secure element
> > > +          like Trustzone. This property contains the start address and size of
> > > +          the secure regions present.
> > > +  
> > 
> > Since you declare this as a generic property, I think it'd be simpler
> > to do the check at the core level.
> >   
> 
> Hmm, so have the parsing logic in qcom driver and check in core or both parsing
> and check in core?

Both in the core.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ